VibeGuard: A GitHub security scanner for indie developers and small teams

Jas — Wed, 06 Aug 2025 17:33:11 +0000

I built VibeGuard, a lightweight GitHub security scanner designed for indie developers, small teams, and people using platforms like VibeCode, Retool, or no-code tools that rely on custom scripts or API integrations.

VibeGuard helps catch basic security issues that are easy to miss when you're moving fast: things like exposed secrets, misconfigured auth flows, unsafe headers, or outdated libraries.

You paste in a GitHub repo (public or private), and it gives you a readable report with the most important findings. It doesn't require any setup, installs, or integrations—just paste and scan.

Why I built it:
After shipping a few projects myself, I realized how easy it is to forget something small that could turn into a big problem later. I didn’t want to set up a full security pipeline, but I still wanted peace of mind. VibeGuard is a middle ground: a simple tool to catch the obvious stuff before it bites you.

How it works:
Uses a mix of pattern-based checks and lightweight language models

Flags secrets, insecure API usage, weak auth, and other common issues

Supports JS, TS, Python, and plaintext scanning for now

Public scans don’t require login; private repo scan uses GitHub OAuth

What’s missing (for now):
No CI/CD integration yet

No support for compiled or container-based analysis

No self-hosted version, though it’s something I’d like to build for teams

It’s free to use during beta, and I’d really appreciate your feedback. I’d love to hear what’s helpful, what’s missing, or whether you’d actually use this as part of your workflow.

Thanks for checking it out!

DEV Community: Jas

VibeGuard: A GitHub security scanner for indie developers and small teams